formbook

General

Target

PO23043-WT0540500856808075.PDF.img
Size

1.2MB
Sample

230828-rpwv9sef5z
MD5

ac273df922275fee23d2549b30a53960
SHA1

3eb74eb8b202ca5642c26bf6900e79c46e6bddb2
SHA256

d11539b688587eec5e9939b6c85f76613cdf16187e8d25afcc52883f8134272e
SHA512

9f1f969ec4bd37031d3e6e2f021d5cd9bb1c23af3162de914434fc5c7ad4ced389e9296a6307a071f77c911146df4a95e4d4747d2df126865d8bd1b43d2589dc
SSDEEP

6144:fYa6/oSLCCe6xEoeELdWc9K4TDRnqoW/U6k33K9uu:fYZre6xEohLNJTDRniG3X

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com

Targets

- Target
  
  PO23043_.EXE
- Size
  
  313KB
- MD5
  
  c1d14a0b29a7f3829d1361363ec2e9b1
- SHA1
  
  11aa2f0448e47835ec84f975c13b9bdb762e7ad3
- SHA256
  
  b2d76e91d736201b7e8fb9780594693cfc3106285a4886e9b40007fdd7e56359
- SHA512
  
  e85b8aef71f36657e32c8e7c38b34834774e8ffc782bcb34f6e75e2634b6725ddae97dac7f9f73c09099d5a656bde10c5ef5bad068db951a7f48990dc98c916b
- SSDEEP
  
  6144:zYa6/oSLCCe6xEoeELdWc9K4TDRnqoW/U6k33K9uuo:zYZre6xEohLNJTDRniG3XN
Score

10^/10

formbook sy22 rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook payload
  rat
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook payload

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2